PSA Certified Level 3 is designed for silicon vendors who want independent evaluation of their PSA Root of Trust (PSA-RoT) implementation. It offers demonstrable proof to their customers that their product has been independently tested and offers substantial assurance and robustness. It also gives confidence to OEMs and ODMs that the chip can provide protection from hardware and software attacks.
How Does PSA Certified Level 3 Work?
The process starts with silicon vendors creating a hardware Root of Trust (PSA-RoT) which makes use of built-in security functions such as secure boot, secure storage, cryptographic services and attestation. Your chosen PSA Certified evaluation laboratory will evaluate your implementation of the PSA-RoT using vulnerability analysis and penetration testing, in order to establish whether the PSA Certified Level 3 Protection Profile requirements have been met.
The test laboratory will use 35 days of white box evaluation to carry out vulnerability analysis and then penetration tests of the chip’s PSA-RoT.
Proven Substantial Protection from Software and Hardware Attacks
PSA Certified Level 3 offers increased robustness for OEMs building applications with high-value assets.
Establish Trust Based on Independent Third-party Evaluation
Build trust with customers through unbiased and independent evaluation of products.
Offering Flexibility with a Choice of Evaluation Methodology
We believe that choice is important, which is why we offer two protection profiles: SESIP or CSPN style.
PSA Certified Level 3 At a Glance
Audience | Silicon Vendors |
Scope | PSA Root of Trust |
Threats | T.ROGUE_CODE |
Security Functional Requirements | CSPN SESIP |
Evaluation Effort | 35 days* white box evaluation |
*The elapsed calendar time may differ depending on available resources and interactions with the certification body. The 35 days of evaluation efforts include Security Target review, vulnerability assessment, test plan, testing and write-up of the Evaluation Technical Report.
Why Should I Choose PSA Certified Level 3 over PSA Certified Level 2?
PSA Certified Level 2 demonstrates protection from scalable software attacks with an evaluation that includes 25 man-days of effort.
PSA Certified Level 3 includes more attack types, more sophisticated side-channel and perturbation attacks, as well as physical attacks. It therefore has a longer evaluation period of 35 man-days.
A PSA Certified Level 3 chip is well suited for devices that:
- Protect high value assets (for example, a smart door lock on your home)
- Might be subject to a sophisticated attack due to economic gain or brand damage
- Offer physical access to a hacker or have an asset that needs protecting against a physical attacker
Evaluation Methodology Choice for PSA Certified Level 3
At PSA Certified we recognise that choice is key. To reduce certification fragmentation and make it easier to adopt security certification, we’re offering an additional evaluation methodology, which makes PSA Certified more extensible in other markets.
Silicon vendors carrying out PSA Certified Level 3 testing can choose between two equivalent evaluation methodologies that provide the same level of assurance: either the PSA Certified Level 3 Lightweight Protection Profile (informal CSPN style) or the PSA Certified Level 3 GlobalPlatform SESIP Profile (more formal style).
Although written in different styles, they are designed to require the same features and the same level of security. Both should result in the test house performing the same testing. Both methodologies are assessed by the same team at the certification body, and both lead to the same PSA Certified certificate. Both documents outline the security requirements that will be evaluated by the evaluation lab.
For your first certification, the CSPN route is possibly simpler as you do not need to use formal language. If you want to use your certificate in composition as part of a larger certification then you may want to choose the SESIP route.
PSA Certified Level 3 RoT Component
Showcase RoT components that provide substantial robustness and assurance including protection from physical attacks, by aligning to a sub-set of the PSA Certified Level 3 requirements. This process uses the SESIP protection profiles and allows you to achieve an official PSA Certified certificate.
PSA Certified Level 4 iSE/SE
A PSA Certified Level 3 Root of Trust can use a trusted subsystem such as a Secure Enclave or Secure Element that has itself been certified using PSA Certified Level 4 iSE/SE. In this case the overall PSA-RoT can achieve a PSA Certified Level 3+SE.